Authentication between Confluence and Jira not working over application links

Hello,

I have my Jira and Confluence systems configured for HTTPS and have them linked successfully. However, when attempting to navigate between the two systems via app links, I am still prompted to input my credentials again to authentication. My logs are not showing any useful information regarding issues between the systems.

So here's my configuration (systems are CentOS 7):

https://jira_external_url > (kemp load balancer) reverse proxy to 8443 on real server (Jira v7.9.2)

https://confluence_external_url > (kemp load balancer) reverse proxy to 8443 on real server (Confluence v6.10)

http://crowd_internal_url:8095 > (Crowd 3.3.0)

Both systems point to the crowd internal URL for authentication. Both systems point to each other locally utilizing the local hosts file entires to allow internal communication for app links (over port 8443 with OAuth Impersonation) rather than going out to the public URLs and coming back in the reverse proxy (attempting to do that just plain doesn't work in my deployment).

I'm not exactly sure what's missing in the configuration. Please help.

3 answers

0 votes
Fadoua Boualem Community Champion Wednesday

@mitchel mccullough

Do you have SSO enabled in Crowd?

Best,

What exactly do you mean by enabling SSO in Crowd? I have the applications set up in Crowd, both Jira and Confluence can establish sessions to the Crowd server.

Fadoua Boualem Community Champion Wednesday

@mitchel mccullough

Application Link makes communication between the 2 apps available. Meaning you can link a Confluence page to a project in JIRA, add a JIRA issue inside a Confluence page, and more.

Switching between the 2 apps without entering your credentials every time is a feature that you can enable from inside Crowd (Single Sign On).

I hope this helps.

All the best,

Do you mean authorisation caching? That is enabled and I also have and SSO Cookie configured. For context, this is a migration from a hosted facility that utilized only HTTP to on-prem, using HTTPS. I imported the existing configurations from the hosted facility and altered the systems to use HTTPS and a reverse proxy. This means Crowd SSO worked prior to my on prem migration.

Fadoua Boualem Community Champion Wednesday

@mitchel mcculloughok makes sense. Let me check and get back to you

What exactly do you mean by enabling SSO in Crowd? I have the applications set up in Crowd, both Jira and Confluence can establish sessions to the Crowd server.

Hi Mitchel,

Please check this article to help you get started with troublesooting: https://confluence.atlassian.com/crowd/troubleshooting-sso-with-crowd-131466214.html

Be sure to select your version of Crowd from the version drop-down in the top right of the screen.  See if this helps and we hope to hear back on your progress.

Thanks for the resources. I tested both applications in Crowd using the authentication test successfully.

Editing the seraph-config.xml to enable Crowd SSO integration causes Jira to not start up properly, so I had to revert it there. I was able to edit the Confluence seraph-config.xml and restart the service fine. The SSO issue still remains.

Fadoua Boualem Community Champion Wednesday

@mitchel mccullough

Please click here to open a ticket with Atlassian Support.

All the best

I've opened up a ticket with Atlassian Support. I've reviewed all of the links you sent and I couldn't find a way to set the RequestHeader unset Authorisation in my proxy (not using Apache, using an appliance). My guess is that a specific header is not being passed properly resulting in a authorization token error.

 

Thanks everyone for you help! I will update with what Atlassian Support finds.

Fadoua Boualem Community Champion Wednesday

Thank you for the update @mitchel mccullough greatly appreciated.

Best of luck!

Dafont 123Movies FileHippo What precisely do you mean by empowering SSO in Crowd? I have the applications set up in Crowd, both Jira and Confluence can build up sessions to the Crowd server.

Fadoua Boualem Community Champion Wednesday

@karimovicthere is an option in Crowd when you enable it you only need to log in to one Atlassian App and all the other will not require any logging credentials.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Oct 16, 2018 in Jira

Looking for anyone who made the switch to Data Center

The Jira Marketing team is putting together an ebook on migrating to Data Center. We're looking for pro tips on how you staffed your project team and organized your Proof of Concept. Share yo...

1,086 views 11 10
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you